From David Hassen - Technical Blog
Computing 'How to' WordPress Upload Permission problem on IIS 7
Problem: When uploading files through the WordPress interface (either via add media or attaching to a post), IIS can’t seem to read the file properly, more specifically serving the file. The IUSR account has the correct permissions on the uploads folder, the file is actually on the server when inspected. Anonymous authentication is enabled, fastcgi is correctly impersopnating, and IUSRS group also has the correct settings. Even the network service account has permissions on the uploads directory. The problem still persists! The directories have cascading / inherited permissions set, but when a file is uploaded, the file in question doesn’t inherit the permissions – they are granted some ‘special permissions’ for the network service account also. I assumed there was a problem with the network service account permissions etc. Not so….
Solution: Check the temp uploads folder that PHP uses. In my php.ini file on IIS, I have file_uploads = On and specified a folder location at upload_tmp_dir = <directory location>
Check that the directory exists, and make sure that the IUSR account has modfy permissions on the folder.
Reason: When php uploads files, it stores them in a temp directory for loading. When you upload a file using wordpress, the correct accounts need the appropriate permissions, otherwise the file doesn’t get written to the desired location with the correct permissions.
I haven't tested it but it fits ...